The Silicon Review Asia

Grammarly Contaminated with a High Severity Bug

More embarrassing than just misspelled words: a critical flaw was found in the Chrome and Firefox browser extensions of the English-language writing-enhancement platform Grammarly. The bug was nothing less than a gaping security hole in the Grammarly browser extension that left about 22 million users’ accounts, including personal documents and records, vulnerable to remote hackers.

Reported on February 2 by Tavis Ormandy of Google Project Zero, the bug is of high severity. According to Tavis, any website that a Grammarly user visits could steal the user's authentication tokens, which is more than enough to gain access to the user's account and take control of everything without permission. The worst part is that remote attackers could do this with just 4 lines of JavaScript code. Tavis also provided a proof-of-concept (PoC) exploit in his vulnerability report, explaining how easily a hacker can use this serious flaw to steal a Grammarly user's access token.

“I am calling this a high severity bug as it seems like a pretty severe violation of user expectations,” Tavis said in his vulnerability report. “Users would never expect that visiting a site gives it permission to access documents or data they have typed into other sites.”

To secure all its users’ data, Grammarly quickly fixed the bug in the Chrome Web Store, and Mozilla confirmed that the Firefox version of the extension was also rolled out to users.

"We're continuing to monitor actively for any unusual activity. The security issue potentially affected text saved in the Grammarly Editor. This high severity bug didn’t affect the Grammarly Keyboard or Grammarly Microsoft Office add-on. The bug is fixed, and there is no action required by Grammarly users," a Grammarly spokesperson said.
